In the Claims: 

Please amend Claims 57, 58, 63, 64, 72, 73, 81 and 82, all as shown below. Applicant 
reserves the right to prosecute any originally presented claims in a future or continuing application. 

1-56. (Previousfy Canceled). 

57. (Currently Amended) A system for maintaining security in a distributed computing 
environment, comprising: 

a policy manager located on a server for creating a local security policy and for distributing 
the local security policy to a client wherein the local security policy includes a plurality of rules 
customized to the clien t, said plurality of rules including a set of grant rules that allow access to 
securable components and a set of deny rules that prevent access to said securable components : 
and 

an application guard located at the client for managing access by individual transactions 
to securable components at a client level as specified by the local security policy, the securable 
components including at least one application; 

wherein the policy manager receives a global security policy that includes a plurality of rules 
for regulating access to said securable components within the system and wherein the policy 
manager customizes the local security policy by selecting a subset of rules from the global security 
policy that t» are applicable to the application guard and distributes the subset to the application 
guard : and 

wherein the application guard receives an authorization request including a subject, an 
object and a privilege and evaluates said request by matching the subset of rules received from 
the policy manager to said subject, said object and said privil ege in order to control access to said 
securable components . 

58. (Currently Amended) The system of Claim 57 inc l ud i ng wherein said securable components 
further include a function within the application as specified by the security policy. 

59. (Withdrawn) The system of Claim 57 including a procedure within the application as 
specified by the security policy. 
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60. (Withdrawn) The system of Claim 57 including a data structure within the application as 
specified by the security policy. 

61. (Withdrawn) The system of Claim 57 including a database object referenced by the 
application as specified by the security policy. 

62. (Withdrawn) The system of Claim 57 including a file system object referenced by the 
application as specified by the security policy. 

63. (Currently Amended) A method for maintaining security in a distributed computing 
environment, comprising: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application; 

creating a local security policy via a policy manager located on a server, the local security 
policy including a plurality of rules customized to a client wherein creating the local security policy 
includes customizing the local security policy by selecting a subset of rules from the global security 
policy that is applicable to an application guard located on the client; 

distributing the local security policy to the client; and 

receiving an authorization request by the application guard, the authorization request 
including a subject an object and a privilege; 

managing access as specified by the local security policy via the application guard located 
at the client to securable components wherein managing access includes comparing the subject, 
object and privilege to the subset of rules of the local security policy . 

64. (Currently Amended) The method of Claim 63 i nc l ud i ng wherein the securable components 
include a function within the application as specified by the security policy. 

65. (Withdrawn) The method of Claim 63 including a procedure within the application as 
specified by the security policy. 

66- (Withdrawn) The method of Claim 63 including a data structure within the application as 
specified by the security policy. 
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67. (Withdrawn) The method of Claim 63 including a database object referenced by the 
application as specified by the security policy. 

68. (Withdrawn) The method of Claim 63 including a file system object referenced by the 
application as specified by the security policy. 

69-71. (Previously Canceled). 

72. (Currently Amended) A method for maintaining security in a distributed computing 
environment, comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application; 

providing a policy manager located on a server to create a local security policy including a 
plurality of rules customized to a client wherein creating the local security policy includes 
customizing the local security policy by selecting a subset of rules from the global security policy 
that is applicable to an application guard located on the client; 

distributing the local security policy to the client; and 

providing an application guard located at the client to manage access to securable 
components at a client level as specified by the local security policy; 

receiving an authorization request bv the application guard, said authorization request 
including a subject, an object and a privilege: and 

controlling access to the securable components bv matching the subject, object and 
privilege to the subset of the rules bv the application guard . 

73. (Currently Amended) The method of Claim 72 inc l uding wherein the securable components 
include a function within the application as specified by the security policy. 

74. (Withdrawn) The method of Claim 72 including a procedure within the application as 
specified by the security policy. 

75. (Withdrawn) The method of Claim 72 including a data structure within the application as 
specified by the security policy. 
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76. (Withdrawn) The method of Claim 72 including a database object referenced by the 
application as specified by the security policy, 

77. (Withdrawn) The method of Claim 72 including a file system object referenced by the 
application as specified by the security policy. 

78-80. (Previously Canceled). 

81 . (Currently Amended) A computer readable storage medium having stored thereon a set of 
instructions to execute a method for maintaining security in a distributed computing environment 
comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application; 

creating a local security policy via a policy manager located on a server, the local security 
policy including a plurality of rules customized to a client wherein creating the local security policy 
includes customizing the local security policy by selecting a subset of rules from the global security 
policy that is applicable to an application guard located on the client; 

distributing the local security policy to the client; and 

receiving an access reauest by the application guard, said access request including a 
subject, an object and a privilege: 

matching the access request to at least one rule selected from the subset of the rules in 
order to manage m a nag i ng access as specified by the local security policy via the application guard 
located at the client to securable components. 

82. (Currently Amended) The computer readable storage medium of Claim 81 wherein the 
securable components include in c l ud i ng a function within the application as specified by the 
security policy. 

83. (Withdrawn) The computer readable storage medium of Claim 81 including a procedure 
within the application as specified by the security policy. 

84. (Withdrawn) The computer readable storage medium of Claim 81 including a data structure 
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within the application as specified by the security policy. 

85. (Withdrawn) The computer readable storage medium of Claim 81 including a database 
object referenced by the application as specified by the security policy. 

86. (Withdrawn) The computer readable storage medium of Claim 81 including a file system 
object referenced by the application as specified by the security policy. 

87-89* (Previously Canceled). 

90. (Previously Presented) The system of claim 57, wherein the application guard further 
allows for additional customized code to process and evaluate authorization requests based 
on the additional customized code. 

91 . (Currently Amended) The system of claim 90. wherein the global policy specifies access 
privileges of a user to securable components. 

92. (Previously Presented) The method of claim 72, wherein the application guard further 
allows for additional customized code to process and evaluate authorization requests based 
on the additional customized code. 

93. (Previously Presented) The method of claim 92, wherein the global policy specifies 
access privileges of a user to securable components. 

94. (Previously Presented) The computer readable storage medium of claim 81 , wherein 
the application guard further allows for additional customized code to process and evaluate 
authorization requests based on the additional customized code. 

95. (Previously Presented) The computer readable storage medium of claim 94, wherein 
the global policy specifies access privileges of a user to securable components. 
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